Cisco Secure Firewall Management Center Feature Licenses

The Cisco Secure Firewall Management Center feature license type required depends on the software running on the managed device. Secure Firewall Threat Defense devices use Smart licenses, while all other devices use Classic licenses. The management center hardware does not require a license, but the Secure Firewall Management Center Virtual requires an entitlement for each device it will manage. For managed device hardware that is not running threat defense software, see the documentation for your software product.

Management Center Licensing

Table 1. License Requirements for Management Center Hardware Model or Virtual Platform

Management Center Hardware Model or Virtual Platform

License Requirements

Management Center hardware (all models)

No license is required for management center hardware.

The management center can manage devices that use both Smart and Classic licenses.

Management Center Virtual (all platforms)

The management center virtual requires an entitlement for each device it will manage, whether the devices use Smart or Classic licensing.

Starting in release 6.7, the management center virtual in a high-availability pair consume a license for each registered device in the configuration.

Table 2. Smart Licenses

License You Assign

Duration

Granted Capabilities

Essentials

Perpetual or Subscription

Note

 

Essentials subscription licenses are supported only on Threat Defense Virtual.

Except for Specific License Reservation and the Secure Firewall 3100, Essentials perpetual licenses are automatically assigned with all threat defense devices.

User and application control

Switching and routing

NAT

For details, see Essentials Licenses.

IPS

Subscription

Intrusion detection and prevention

File control

Security Intelligence filtering

For details, see IPS Licenses.

Malware defense

Subscription

Malware defense

Secure Malware Analytics

File storage

(IPS license is a prerequisite for a Malware defense license.)

For details, see Malware Defense Licenses.

Carrier

Subscription for Firepower 4100/9300, Secure Firewall 3100, and Threat Defense Virtual

Diameter, GTP/GPRS, M3UA, and SCTP inspection

For details, see Carrier License.

URL Filtering

Subscription

Category and reputation-based URL filtering

For details, see URL Filtering Licenses.

(IPS license is a prerequisite for a URL Filtering license.)

Management Center Virtual

  • Regular Smart Licensing— Perpetual

  • Specific License Reservation—Subscription

The platform license determines the number of devices the management center virtual can manage.

For details, see Management Center Virtual Licenses.

Export-Controlled Features

Perpetual

Features that are subject to national security, foreign policy, and anti-terrorism laws and regulations; see Licensing for Export-Controlled Functionality.

Remote Access VPN:

  • Secure Client Premier

  • Secure Client Advantage

  • Secure Client VPN Only

Subscription or perpetual

Remote access VPN configuration. Your account must allow export-controlled functionality to configure remote access VPN. You select whether you meet export requirements when you register the device. The threat defense can use any valid Secure Client license. The available features do not differ based on license type.

For more information, see Secure Client Licenses.

Required License Type (Smart or Classic) for Managed Devices

Generally, it is the software, not the hardware, that determines whether your device requires a Classic or Smart License.


Note


Some hardware supports either Classic or Smart Licenses, depending on the software running on the device. Make sure you purchase and activate the correct license type for your software.

For details, see licensing information for the software product that will run on the device.

If you activate the wrong license type, contact Cisco TAC.


Use the information below to determine whether your product requires Classic or Smart Licenses.

Table 3. Summary: Required License Type for Firepower Devices

Software

Required License Type

Threat Defense

Smart

ASA FirePOWER module

Note

 

The ASA runs separate software from the FirePOWER module; licensing for the ASA is not covered in this guide.

Classic

NGIPS devices

Classic

Table 4. Required License Type by Hardware or Virtual Device Model

Device Hardware Model or Virtual Platform

NGIPS Software

Threat Defense Software

ASA FirePOWER Software

Cisco NGIPS for Blue Coat X-Series

Classic

3D500, 3D1000, 3D2000

3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL)

3D9900 (EOL)

Classic

Firepower 7010, 7020, 7030, 7050

Firepower 7110, 7115 7120, 7125

AMP7150

Classic

Firepower 8120, 8130, 8140

Firepower 8250, 8260, 8270, 8290

Firepower 8350, 8360, 8370, 8390

AMP8050, AMP8150, AMP8350

Classic

NGIPSv

Classic

Threat Defense Virtual

Smart

ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X

Smart

Classic

ISA 3000

For supported software versions on this hardware, see the Compatibility Matrix at https://www.cisco.com/c/en/us/support/security/defense-center/products-device-support-tables-list.html.

Smart

Versions 6.2.3 and 6.3 support Threat license only.

Support for Specific License Reservation was introduced in 6.4.

Classic

ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X

Smart

Classic

ASA 5585-X

Classic

Firepower 1010

Firepower 1100 Series

Firepower 2100 Series

Firepower 4100 Series

Firepower 9300

Smart

Secure Firewall 3100 Series

Smart

Licensing Instructions by Version

Use this table to find feature license instructions by version.

Software Version

Device Type

Licensing Information For

7.7

Threat Defense

7.6

Threat Defense

7.4

Threat Defense

7.3

Threat Defense

7.2

Threat Defense

7.1

FTD

7.0

FTD

All other supported devices

6.7

FTD

All other supported devices

6.6

FTD

All others

6.5

FTD

All others

6.4

FTD

All others

6.3

FTD

All others

6.2.3

FTD

All others

6.2.2

FTD

All others

6.2.1

FTD

All others

6.2.0.x

FTD

All others

6.1.0.x

FTD

All others

6.0.1.x

FTD

The FTD managed by the management center:

Licensing the Firepower System

All others

6.0.0.x

All except FTD

5.4.x

Classic

5.3.1.x

Classic

Licensing the FireSIGHT System

For Assistance

If you have any questions about installing or using feature licenses, contact TAC Support: